[Webkit-unassigned] [Bug 23814] Crasher: Random unicode characters inserted into select options and

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Feb 7 15:39:07 PST 2009


https://bugs.webkit.org/show_bug.cgi?id=23814





------- Comment #8 from james at wheare.org  2009-02-07 15:39 PDT -------
For the benefit of Google:

I managed to isolate a reduced test case here:
http://james.wheare.org/stuff/bugs/safari/fixedselect

The setup involves a <select> with at least two <option> children inside a
position:fixed container which is itself contained by a position:relative
element.

Then with javascript:
1. Set the position of the fixed container to absolute
2. Access the container's clientWidth or clientHeight properties
3. Restore the position of the container to fixed

After these operations, select a different option from the drop down and it's
text content will be munged with random characters.

This particular test case doesn't trigger the crash, but it's probably the root
symptom.

This may seem like quite a strange operation but is used in the Prototype.js
Element.getDimensions method:
http://github.com/sstephenson/prototype/blob/952feb48a39d519f8948a469d86bdcc952f5ac62/src/dom/dom.js#L431

Thankfully it's fixed in the latest Webkit nightly but knowing what triggers it
should help any web developers who encounter this issue in the mean time.


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the webkit-unassigned mailing list